package com.cskaoyan.controller;

import com.cskaoyan.bean.Admin;
import com.cskaoyan.bo.AuthloginBo;
import com.cskaoyan.service.AuthService;
import com.cskaoyan.service.LogService;
import com.cskaoyan.shiro.CustomLoginToken;
import com.cskaoyan.vo.BaseRespVo;
import com.cskaoyan.vo.LoginData;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.io.Serializable;
import java.util.ArrayList;

@RestController
public class AuthController {

    @Autowired
    AuthService authService;

    @Autowired
    LogService logService;

    public static String loginUsername;

    /**
     * 功能:登入
     * 作者:whj
     */
    @RequestMapping("admin/auth/login")
    public BaseRespVo login(@RequestBody AuthloginBo authloginBo, HttpSession session, HttpServletRequest httpServletRequest) {//也可以使用JavaBean来接收

        CustomLoginToken adminToken = new CustomLoginToken(authloginBo.getUsername(), authloginBo.getPassword(), "admin");
        Subject subject = SecurityUtils.getSubject();
        subject.login(adminToken);
        try {
            subject.login(adminToken);
        } catch (AuthenticationException e) {
            return BaseRespVo.error("账号或密码不匹配,请重新登录");
        }

        Serializable sessionId = subject.getSession().getId();

        System.out.println(subject.isAuthenticated());

        return BaseRespVo.ok(sessionId);
    }

    @RequestMapping("admin/auth/noLogin")
    public BaseRespVo intercept() {
        return BaseRespVo.error("请登录");
    }

    @RequestMapping("admin/auth/noPermission")
    public BaseRespVo noPermission() {
        return BaseRespVo.error("没有权限");
    }

    /**
     * 作者：grz
     * 功能：用户登录信息，渲染权限列表
     */
    @RequestMapping("admin/auth/info")
    public BaseRespVo info(String token, HttpServletRequest request) {

        //拿到已经登录的subject
        Subject subject = SecurityUtils.getSubject();
        String username = (String) subject.getPrincipal();

        LoginData loginData = new LoginData();
        Admin admin = authService.query(username);

        loginData.setAvatar(admin.getAvatar());
        loginData.setName(loginData.getName());
        Integer[] roleIds = admin.getRoleIds();

        ArrayList<String> roles = new ArrayList<>();
        for (Integer roleId : roleIds) {
            String s = authService.queryRoleName(roleId);
            roles.add(s);
        }
        ArrayList<String> perms = authService.queryPermsList(username);
        loginData.setPerms(perms);
        loginData.setRoles(roles);
        return BaseRespVo.ok(loginData);
    }

    /**
     * 功能:登出
     * 作者:whj
     */
    @RequestMapping("admin/auth/logout")
    public BaseRespVo logout() {
        return BaseRespVo.ok();
    }

    public static String getLoginUsername() {
        return loginUsername;
    }

}
